cryptanalysis applied against block ciphers as well as hash functions. A popular public
key cryptosystem, RSA is also vulnerable to chosen-plaintext attacks.
Dictionary Attack − This attack has many variants, all of which involve compiling a
‘dictionary’. In simplest method of this attack, attacker builds a dictionary of ciphertexts
and corresponding plaintexts that he has learnt over a period of time. In future, when an
attacker gets the ciphertext, he refers the dictionary to find the corresponding plaintext.
Brute Force Attack (BFA) − In this method, the attacker tries to determine the key by
attempting all possible keys. If the key is 8 bits long, then the number of possible keys is
28 = 256. The attacker knows the ciphertext and the algorithm, now he attempts all the
256 keys one by one for decryption. The time to complete the attack would be very high
if the key is long.
Birthday Attack − This attack is a variant of brute-force technique. It is used against the
cryptographic hash function. When students in a class are asked about their birthdays,
the answer is one of the possible 365 dates. Let us assume the first student's birthdate is
3rd Aug. Then to find the next student whose birthdate is 3rd Aug, we need to enquire
1.25*•√365 ≈ 25 students.
Similarly, if the hash function produces 64 bit hash values, the possible hash values are
1.8x1019. By repeatedly evaluating the function for different inputs, the same output is
expected to be obtained after about 5.1x109 random inputs.
If the attacker is able to find two different inputs that give the same hash value, it is
a collision and that hash function is said to be broken.
Man in Middle Attack (MIM) − The targets of this attack are mostly public key
cryptosystems where key exchange is involved before communication takes place.
o Host A wants to communicate to host B, hence requests public key of B.
o An attacker intercepts this request and sends his public key instead.
o Thus, whatever host A sends to host B, the attacker is able to read.
o In order to maintain communication, the attacker re-encrypts the data after
reading with his public key and sends to B.
o The attacker sends his public key as A’s public key so that B takes it as if it is
taking it from A.
Side Channel Attack (SCA) − This type of attack is not against any particular type of
cryptosystem or algorithm. Instead, it is launched to exploit the weakness in physical
implementation of the cryptosystem.
Timing Attacks − They exploit the fact that different computations take different times
to compute on processor. By measuring such timings, it is be possible to know about a
particular computation the processor is carrying out. For example, if the encryption
takes a longer time, it indicates that the secret key is long.
Power Analysis Attacks − These attacks are similar to timing attacks except that the
amount of power consumption is used to obtain information about the nature of the
Fault analysis Attacks − In these attacks, errors are induced in the cryptosystem and the
attacker studies the resulting output for useful information.
2. SECURITY SERVICES :
The primary objective of using cryptography is to provide the following four fundamental
information security services. Let us now see the possible goals intended to be fulfilled by
Confidentiality is the fundamental security service provided by cryptography. It is a security
service that keeps the information from an unauthorized person. It is sometimes referred to
as privacy or secrecy.